if you mean http security this server will not execute any external code, nor can it read/wtite the disk, only reads and hashes stuff inside "shared folder".Originally posted by FTFakes@17 May 2004 - 17:19
Good job on dir2sig B)
But the hashserver...what about security?
I'm sure organisations like RIAA will love it. Makes it pretty easy to find out what people have in their shared folder
*cough scanning port 80 cough*
And as the index files are placed in the My Shared Folder, everyone can search for them with Kazaa if people don't disable sharing of those files.
i didn't say users must choose the whole "my shared folder" nor port 80, only a subfolder which they feel beeing served.
im allready working to send 403 to ranges which the bad ip updater fetches, =sever will fetch itself from time to time. there IS a blocker allready working, only not so convinient.
but: my main idea here is not privacy: people fearing riaa and mpaa will never even download the server. my idea here is fastrack's illness for not supporting collections, ie: to see which song(s) are missing from the album.
what people did was shoot up a browser and do a search for the album's songs, & got many popups "BUY this" "BUY that" to find out what are they missing, /*not allways sucesfully*/, and finaly do a search inside kazaa for each and every missing song.
this goes to any other content which is shared in pieces, and is worth much more inside a collection.
and even is someone doesn't want to serve: he/she can take the dumped html files, customise them and upload them somewhere. i personaly think it's still more convinient to deal with hashes then using dir2sig or sig2dat or ksig.
for the index files: i have had kazaa running 24/7 for almost a year and not a single html file was ever uploaded from me, but they(files) can easily go somwhere else, i didn't plan to leave them there, this is a beta ok ?
i apreciate the comments, will work on it.
Bookmarks